Well, even if you encrypt the password and username in the address bar, it's still allowing for hacks -- I mean, if the address bar will contain an acceptable "password", even if it's encrypted, then there's nothing stopping it from working again.

The most secure method to pass passwords to the program is via the POST not GET method, which keeps the address bar clean.

Thanks for the suggestion. Now I need help implementing it. The problem is that the script makes users enter the full URL which includes their username and password. I desperately need to find out how to create a method that allows users to login via a form.

Look in your script for the <FORM> tag. Change it to <FORM METHOD=POST>. If it says <FORM METHOD=GET>, try changing it to <FORM METHOD=POST> If that doesn't work, you may need to dig deeper into the code.